Performance Risk Management - the practical approach
Performance Risk Management is my new and immensely practical approach to integrating performance management and risk management. This is the breakthrough that finally allows the “good ideas” behind enterprise risk management to shine through.
I have written about many aspects of risk management in the past. I find the topic fascinating because it offers such great promise to help organizations of all types accomplish their goals better, faster, and more completely. Unfortunately, for years, I was frustrated by all of the static surrounding risk management. This static has made it virtually impossible to convey a clear picture of the benefits of risk management.
I have spent many years thinking this through. I have always known that the core message of risk management is profound. It just seemed that there was so much static surrounding risk management that the message was always hidden in irrelevancies. I needed to understand which pieces of risk management theory were creating this static. What did I need to strip away for this message to come through loud and clear? I have come to the realization that much of this static resulted from two fallacies:
- An improper primary focus on risks, themselves
- Useless attempts to categorize risks; focusing on the artificial differences between risks rather than finding the universal similarities
As I started recognizing these two ‘static generators’, I was able to develop an approach to risk management that suddenly accomplished two things.
First, risk management could be intuitively aligned with an organization’s performance objectives. More than that – risk management works only if it is aligned with performance objectives. It suddenly started making obvious, practical sense to executive leadership. It’s not just a “nice theory”; it can help achieve bottom line results in a real and practical way.
Second, it became clearer why so many organizations have prematurely abandoned their risk management implementation projects. I understood that the mind numbing real-world complications that these organizations experienced were, actually, irrelevant.
Eliminating the static
The first clear realization was that risk management starts with objectives, not risks. It’s always about accomplishing objectives. Managing associated risks is simply an additional technique to help accomplish your goals. Everyone knows this intuitively. The problem was that risk management theory made, at most, a passing reference to objectives. That’s why risk management never felt right. It never actually aligned with what we knew to be true. An organization doesn’t want to expend efforts to “manage risks”. It will, however, expend effort on better techniques that help it accomplish its objectives better, faster, and more completely.
The second clear realization came to me when I recognized the waste in categorizing risks among “Strategic Risk”, “Compliance Risk”, “Legal Risk”, “Financial Reporting Risk”, etc., etc., etc. Risk management theory loves to focus on these categories. This disguises a lack of deeper understanding – the similarity among all risks. This similarity flowed from the first clear realization – a focus on objectives, not risks. While there may be many types of objectives, there is only one type of risk – an inability to effectively execute.
When you logically extend these two clear realizations, the results are profound. Once you do away with the process of classifying risks, you can focus on actually identifying the risks. Not only that, you actually have a practical framework to identify those risks – real world things that could go wrong relative to a specific objective. Useless theory melts away and practical understanding takes its place. It has allowed me to better communicate not only how an organization benefits from risk management, it has also allowed me to develop a practical way to (i) initially implement risk management within an organization, and (ii) enhance management processes to deliver results better, faster, and more completely.
These are the two basic components of Performance Risk Management. Many benefits flow as a result which I will continue to address in subsequent posts.